From 8748fe8e6ee3e573f2c8315f2ff44d7b33f60f01 Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Wed, 11 Mar 2026 13:43:34 -0400 Subject: [PATCH 01/10] feat(tuned): migrate sysctl tunings to tuned and standardize postgres GIDs - Move various sysctl parameters from setup-system.yml into the postgresql tuned profile. - Explicitly define GIDs for ssl-cert (1001) and postgres (1002) to ensure stable HugePages access. - Add HugePages calculation and hugetlb_shm_group configuration to the tuned profile. - Ensure gotrue.service waits for tuned.service before starting. --- ansible/files/gotrue.service.j2 | 1 + ansible/tasks/setup-postgres.yml | 7 +- ansible/tasks/setup-system.yml | 50 ------------- ansible/tasks/setup-tuned.yml | 122 ++++++++++++++++++++++++++----- 4 files changed, 107 insertions(+), 73 deletions(-) diff --git a/ansible/files/gotrue.service.j2 b/ansible/files/gotrue.service.j2 index dbcbd03fed..615411b4f5 100644 --- a/ansible/files/gotrue.service.j2 +++ b/ansible/files/gotrue.service.j2 @@ -16,6 +16,7 @@ After=apparmor.service # We want sysctl's to be applied After=systemd-sysctl.service +After=tuned.service # UFW Is modified by cloud init, but started non-blocking, so configuration # could be in-flight while gotrue is starting. I want to ensure future rules diff --git a/ansible/tasks/setup-postgres.yml b/ansible/tasks/setup-postgres.yml index be6fa0840c..0c2c439643 100644 --- a/ansible/tasks/setup-postgres.yml +++ b/ansible/tasks/setup-postgres.yml @@ -77,11 +77,12 @@ # for the nix built version - name: create ssl-cert and postgres groups ansible.builtin.group: - name: "{{ group_item }}" + gid: "{{ group_item['gid'] }}" + name: "{{ group_item['grp'] }}" state: 'present' loop: - - 'ssl-cert' - - 'postgres' + - { grp: 'ssl-cert', gid: '1001' } + - { grp: 'postgres', gid: '1002' } loop_control: loop_var: 'group_item' diff --git a/ansible/tasks/setup-system.yml b/ansible/tasks/setup-system.yml index e2ea614bc5..a56dfe1554 100644 --- a/ansible/tasks/setup-system.yml +++ b/ansible/tasks/setup-system.yml @@ -153,46 +153,6 @@ owner: 'root' group: 'root' - # Set Sysctl params specific to keepalives - - name: Set net.ipv4.tcp_keepalive_time=1800 - ansible.builtin.sysctl: - name: 'net.ipv4.tcp_keepalive_time' - value: 1800 - state: 'present' - - - name: Set net.ipv4.tcp_keepalive_intvl=60 - ansible.builtin.sysctl: - name: 'net.ipv4.tcp_keepalive_intvl' - value: 60 - state: 'present' - - # postgres_exporter runs on port 9187 and postgresT occasionlly chooses it as random srcport - # adminapi for 8085 - - name: Set net.ipv4.ip_local_reserved_ports - ansible.builtin.sysctl: - name: 'net.ipv4.ip_local_reserved_ports' - value: '9187,8085' - state: 'present' - -- name: Execute tasks when (debpkg_mode or nixpkg_mode) - when: - - (debpkg_mode or nixpkg_mode) - block: - # Set Sysctl params for restarting the OS on OOM after 10 - - name: Set vm.panic_on_oom=1 - ansible.builtin.sysctl: - name: 'vm.panic_on_oom' - reload: true - state: 'present' - value: '1' - - - name: Set kernel.panic=10 - ansible.builtin.sysctl: - name: 'kernel.panic' - reload: true - state: 'present' - value: '10' - - name: set hosts file ansible.builtin.copy: content: | @@ -204,13 +164,3 @@ group: 'root' when: - (debpkg_mode or stage2_nix) - -- name: configure system - ansible.posix.sysctl: - name: 'net.core.somaxconn' - value: 16834 - -- name: configure system - ansible.posix.sysctl: - name: 'net.ipv4.ip_local_port_range' - value: '1025 65000' diff --git a/ansible/tasks/setup-tuned.yml b/ansible/tasks/setup-tuned.yml index 12e2cec39d..e516178ca8 100644 --- a/ansible/tasks/setup-tuned.yml +++ b/ansible/tasks/setup-tuned.yml @@ -1,8 +1,8 @@ -- name: Install and configure tuned when stage2_nix +- name: tuned - Install and configure tuned when stage2_nix when: - (stage2_nix or nixpkg_mode) block: - - name: Install tuned + - name: tuned - Install tuned ansible.builtin.apt: force_apt_get: true name: 'tuned' @@ -11,7 +11,7 @@ update_cache: true become: true - - name: Create a tuned profile directory + - name: tuned - Create a tuned profile directory ansible.builtin.file: group: 'root' mode: '0755' @@ -20,7 +20,7 @@ state: 'directory' become: true - - name: Create a profile symlink for older tuned versions + - name: tuned - Create a profile symlink for older tuned versions ansible.builtin.file: force: true group: 'root' @@ -31,7 +31,7 @@ state: 'link' become: true - - name: Create a tuned profile + - name: tuned - Create a tuned profile become: true community.general.ini_file: create: true @@ -103,19 +103,6 @@ when: - ansible_facts['swaptotal_mb'] > 0 block: - - name: tuned - Decrease the kernel swappiness - become: true - community.general.ini_file: - create: true - group: 'root' - mode: '0644' - no_extra_spaces: true - option: 'vm.swappiness' - path: '/etc/tuned/profiles/postgresql/tuned.conf' - section: 'sysctl' - state: 'present' - value: 10 - - name: tuned - Load zstd compressor module become: true community.general.modprobe: @@ -147,7 +134,102 @@ state: 'present' value: 'zswap.enabled=1 zswap.zpool=zsmalloc zswap.compressor=zstd zswap.max_pool_percent=10' - - name: Activate the tuned service + - name: tuned - Inherit the throughput-performance profile + become: true + community.general.ini_file: + create: true + group: 'root' + mode: '0644' + no_extra_spaces: true + option: 'include' + path: '/etc/tuned/profiles/postgresql/tuned.conf' + section: 'main' + state: 'present' + value: 'throughput-performance' + + - name: tuned - Add Supabase-specific tunings and overrides + become: true + community.general.ini_file: + create: true + group: 'root' + mode: '0644' + no_extra_spaces: true + option: "{{ supa_item['option'] }}" + path: '/etc/tuned/profiles/postgresql/tuned.conf' + section: 'sysctl' + state: 'present' + value: "{{ supa_item['value'] }}" + loop: + - { option: 'fs.file-max', value: '312139770' } + - { option: 'fs.aio-max-nr', value: '1048576' } + - { option: 'kernel.numa_balancing', value: '0' } + - { option: 'kernel.shmmax', value: '18446744073692700000' } + - { option: 'kernel.shmall', value: '18446744073692700000' } + - { option: 'kernel.shmmni', value: '4096' } + - { option: 'kernel.sem', value: '250 512000 100 2048' } + - { option: 'kernel.panic', value: '10' } + - { option: 'kernel.panic_on_oom', value: '1' } + - { option: 'kernel.panic_on_oops', value: '1' } + - { option: 'net.core.netdev_budget', value: '1024' } + - { option: 'net.core.netdev_max_backlog', value: '10000' } + - { option: 'net.core.rmem_default', value: '262144' } + - { option: 'net.core.rmem_max', value: '104857600' } + - { option: 'net.core.somaxconn', value: '16384' } + - { option: 'net.core.wmem_default', value: '262144' } + - { option: 'net.core.wmem_max', value: '104857600' } + - { option: 'net.ipv4.ip_local_port_range', value: '1025 65499' } + - { option: 'net.ipv4.ip_local_reserved_ports', value: '3000,3001,8085,9122,9187,9999' } + - { option: 'net.ipv4.tcp_keepalive_intvl', value: '60' } + - { option: 'net.ipv4.tcp_keepalive_time', value: '1800' } + - { option: 'net.ipv4.tcp_max_syn_backlog', value: '4096' } + - { option: 'net.ipv4.tcp_rmem', value: '4096 87380 16777216' } + - { option: 'net.ipv4.tcp_timestamps', value: '0' } + - { option: 'net.ipv4.tcp_tw_reuse', value: '1' } + - { option: 'net.ipv4.tcp_window_scaling', value: '1' } + - { option: 'net.ipv4.tcp_wmem', value: '4096 65536 16777216' } + - { option: 'net.netfilter.nf_conntrack_max', value: '250000' } + - { option: 'vm.dirty_background_ratio', value: '10' } + - { option: 'vm.dirty_expire_centisecs', value: '3000' } + - { option: 'vm.dirty_ratio', value: '40' } + - { option: 'vm.dirty_writeback_centisecs', value: '500' } + - { option: 'vm.overcommit_memory', value: '2' } + - { option: 'vm.panic_on_oom', value: '1' } + - { option: 'vm.swappiness', value: '10' } + loop_control: + loop_var: 'supa_item' + + - name: tuned - Configure explicit HugePages for Postgresql + become: true + block: + - name: tuned - Compute the necessary HugePages + become: true + community.general.ini_file: + create: true + group: 'root' + mode: '0644' + option: 'vm.nr_hugepages' + path: '/etc/tuned/profiles/postgresql/tuned.conf' + section: 'sysctl' + state: 'present' + value: "{{ (shared_buffers * overhead) / hugepagesize | round | int }}" + vars: + hugepagesize: 2048 # assumes a 2MB page + shared_buffers: 131072 # we use 128MB (128 * 1024) of shared_buffers by default + overhead: 1.05 + + - name: tuned - Add the postgres group to the HugePages access + become: true + community.general.ini_file: + create: true + group: 'root' + mode: '0644' + option: 'vm.hugetlb_shm_group' + path: '/etc/tuned/profiles/postgresql/tuned.conf' + section: 'sysctl' + state: 'present' + value: '1002' + + - name: tuned - Activate the tuned service ansible.builtin.systemd_service: daemon_reload: true enabled: true @@ -155,7 +237,7 @@ state: 'restarted' become: true - - name: Activate the PostgreSQL tuned profile + - name: tuned - Activate the PostgreSQL tuned profile ansible.builtin.command: cmd: tuned-adm profile postgresql become: true From 4e604d6419ba8bbbb395be0654c69620da52943a Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Wed, 11 Mar 2026 15:41:06 -0400 Subject: [PATCH 02/10] chore: adjust ammi version vars --- ansible/vars.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/vars.yml b/ansible/vars.yml index 1ec3104168..16be78129e 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -10,9 +10,9 @@ postgres_major: # Full version strings for each major version postgres_release: - postgresorioledb-17: "17.6.0.052-orioledb" - postgres17: "17.6.1.095" - postgres15: "15.14.1.095" + postgresorioledb-17: "17.6.0.052-orioledb-tuned-1" + postgres17: "17.6.1.095-tuned-1" + postgres15: "15.14.1.095-tuned-1" # Non Postgres Extensions pgbouncer_release: 1.25.1 From 8bffbbebd65d24ac32981d248278d6d110a39b10 Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Thu, 12 Mar 2026 09:16:07 -0400 Subject: [PATCH 03/10] fix(tuned): allow overcommit --- ansible/tasks/setup-tuned.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/tasks/setup-tuned.yml b/ansible/tasks/setup-tuned.yml index e516178ca8..8ed7318ea1 100644 --- a/ansible/tasks/setup-tuned.yml +++ b/ansible/tasks/setup-tuned.yml @@ -192,7 +192,7 @@ - { option: 'vm.dirty_expire_centisecs', value: '3000' } - { option: 'vm.dirty_ratio', value: '40' } - { option: 'vm.dirty_writeback_centisecs', value: '500' } - - { option: 'vm.overcommit_memory', value: '2' } +# - { option: 'vm.overcommit_memory', value: '2' } - { option: 'vm.panic_on_oom', value: '1' } - { option: 'vm.swappiness', value: '10' } loop_control: From fba0f65e439349a4c1a460831032e93ae24caa0e Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Thu, 19 Mar 2026 16:23:33 -0400 Subject: [PATCH 04/10] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- ansible/tasks/setup-tuned.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/tasks/setup-tuned.yml b/ansible/tasks/setup-tuned.yml index 8ed7318ea1..90b44a7ae5 100644 --- a/ansible/tasks/setup-tuned.yml +++ b/ansible/tasks/setup-tuned.yml @@ -1,6 +1,6 @@ - name: tuned - Install and configure tuned when stage2_nix when: - - (stage2_nix or nixpkg_mode) + - (stage2_nix or nixpkg_mode or debpkg_mode) block: - name: tuned - Install tuned ansible.builtin.apt: From d04c6a50a92c32b9dfb65dea1a9591c03d84099e Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Thu, 19 Mar 2026 16:24:03 -0400 Subject: [PATCH 05/10] Potential fix for pull request finding Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- ansible/tasks/setup-tuned.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ansible/tasks/setup-tuned.yml b/ansible/tasks/setup-tuned.yml index 90b44a7ae5..4fa0b47af9 100644 --- a/ansible/tasks/setup-tuned.yml +++ b/ansible/tasks/setup-tuned.yml @@ -211,7 +211,7 @@ path: '/etc/tuned/profiles/postgresql/tuned.conf' section: 'sysctl' state: 'present' - value: "{{ (shared_buffers * overhead) / hugepagesize | round | int }}" + value: "{{ ((shared_buffers * overhead) / hugepagesize) | round | int }}" vars: hugepagesize: 2048 # assumes a 2MB page shared_buffers: 131072 # we use 128MB (128 * 1024) of shared_buffers by default From 86d9184519b2b2cbd5207ccafe298ddcad47ebeb Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Mon, 23 Mar 2026 12:06:05 -0400 Subject: [PATCH 06/10] debugging by adding only one option at a time --- ansible/tasks/setup-tuned.yml | 162 +++++++++++++++++----------------- 1 file changed, 81 insertions(+), 81 deletions(-) diff --git a/ansible/tasks/setup-tuned.yml b/ansible/tasks/setup-tuned.yml index 4fa0b47af9..3b05e9bc63 100644 --- a/ansible/tasks/setup-tuned.yml +++ b/ansible/tasks/setup-tuned.yml @@ -147,87 +147,87 @@ state: 'present' value: 'throughput-performance' - - name: tuned - Add Supabase-specific tunings and overrides - become: true - community.general.ini_file: - create: true - group: 'root' - mode: '0644' - no_extra_spaces: true - option: "{{ supa_item['option'] }}" - path: '/etc/tuned/profiles/postgresql/tuned.conf' - section: 'sysctl' - state: 'present' - value: "{{ supa_item['value'] }}" - loop: - - { option: 'fs.file-max', value: '312139770' } - - { option: 'fs.aio-max-nr', value: '1048576' } - - { option: 'kernel.numa_balancing', value: '0' } - - { option: 'kernel.shmmax', value: '18446744073692700000' } - - { option: 'kernel.shmall', value: '18446744073692700000' } - - { option: 'kernel.shmmni', value: '4096' } - - { option: 'kernel.sem', value: '250 512000 100 2048' } - - { option: 'kernel.panic', value: '10' } - - { option: 'kernel.panic_on_oom', value: '1' } - - { option: 'kernel.panic_on_oops', value: '1' } - - { option: 'net.core.netdev_budget', value: '1024' } - - { option: 'net.core.netdev_max_backlog', value: '10000' } - - { option: 'net.core.rmem_default', value: '262144' } - - { option: 'net.core.rmem_max', value: '104857600' } - - { option: 'net.core.somaxconn', value: '16384' } - - { option: 'net.core.wmem_default', value: '262144' } - - { option: 'net.core.wmem_max', value: '104857600' } - - { option: 'net.ipv4.ip_local_port_range', value: '1025 65499' } - - { option: 'net.ipv4.ip_local_reserved_ports', value: '3000,3001,8085,9122,9187,9999' } - - { option: 'net.ipv4.tcp_keepalive_intvl', value: '60' } - - { option: 'net.ipv4.tcp_keepalive_time', value: '1800' } - - { option: 'net.ipv4.tcp_max_syn_backlog', value: '4096' } - - { option: 'net.ipv4.tcp_rmem', value: '4096 87380 16777216' } - - { option: 'net.ipv4.tcp_timestamps', value: '0' } - - { option: 'net.ipv4.tcp_tw_reuse', value: '1' } - - { option: 'net.ipv4.tcp_window_scaling', value: '1' } - - { option: 'net.ipv4.tcp_wmem', value: '4096 65536 16777216' } - - { option: 'net.netfilter.nf_conntrack_max', value: '250000' } - - { option: 'vm.dirty_background_ratio', value: '10' } - - { option: 'vm.dirty_expire_centisecs', value: '3000' } - - { option: 'vm.dirty_ratio', value: '40' } - - { option: 'vm.dirty_writeback_centisecs', value: '500' } -# - { option: 'vm.overcommit_memory', value: '2' } - - { option: 'vm.panic_on_oom', value: '1' } - - { option: 'vm.swappiness', value: '10' } - loop_control: - loop_var: 'supa_item' - - - name: tuned - Configure explicit HugePages for Postgresql - become: true - block: - - name: tuned - Compute the necessary HugePages - become: true - community.general.ini_file: - create: true - group: 'root' - mode: '0644' - option: 'vm.nr_hugepages' - path: '/etc/tuned/profiles/postgresql/tuned.conf' - section: 'sysctl' - state: 'present' - value: "{{ ((shared_buffers * overhead) / hugepagesize) | round | int }}" - vars: - hugepagesize: 2048 # assumes a 2MB page - shared_buffers: 131072 # we use 128MB (128 * 1024) of shared_buffers by default - overhead: 1.05 - - - name: tuned - Add the postgres group to the HugePages access - become: true - community.general.ini_file: - create: true - group: 'root' - mode: '0644' - option: 'vm.hugetlb_shm_group' - path: '/etc/tuned/profiles/postgresql/tuned.conf' - section: 'sysctl' - state: 'present' - value: '1002' +# - name: tuned - Add Supabase-specific tunings and overrides +# become: true +# community.general.ini_file: +# create: true +# group: 'root' +# mode: '0644' +# no_extra_spaces: true +# option: "{{ supa_item['option'] }}" +# path: '/etc/tuned/profiles/postgresql/tuned.conf' +# section: 'sysctl' +# state: 'present' +# value: "{{ supa_item['value'] }}" +# loop: +# - { option: 'fs.file-max', value: '312139770' } +# - { option: 'fs.aio-max-nr', value: '1048576' } +# - { option: 'kernel.numa_balancing', value: '0' } +# - { option: 'kernel.shmmax', value: '18446744073692700000' } +# - { option: 'kernel.shmall', value: '18446744073692700000' } +# - { option: 'kernel.shmmni', value: '4096' } +# - { option: 'kernel.sem', value: '250 512000 100 2048' } +# - { option: 'kernel.panic', value: '10' } +# - { option: 'kernel.panic_on_oom', value: '1' } +# - { option: 'kernel.panic_on_oops', value: '1' } +# - { option: 'net.core.netdev_budget', value: '1024' } +# - { option: 'net.core.netdev_max_backlog', value: '10000' } +# - { option: 'net.core.rmem_default', value: '262144' } +# - { option: 'net.core.rmem_max', value: '104857600' } +# - { option: 'net.core.somaxconn', value: '16384' } +# - { option: 'net.core.wmem_default', value: '262144' } +# - { option: 'net.core.wmem_max', value: '104857600' } +# - { option: 'net.ipv4.ip_local_port_range', value: '1025 65499' } +# - { option: 'net.ipv4.ip_local_reserved_ports', value: '3000,3001,8085,9122,9187,9999' } +# - { option: 'net.ipv4.tcp_keepalive_intvl', value: '60' } +# - { option: 'net.ipv4.tcp_keepalive_time', value: '1800' } +# - { option: 'net.ipv4.tcp_max_syn_backlog', value: '4096' } +# - { option: 'net.ipv4.tcp_rmem', value: '4096 87380 16777216' } +# - { option: 'net.ipv4.tcp_timestamps', value: '0' } +# - { option: 'net.ipv4.tcp_tw_reuse', value: '1' } +# - { option: 'net.ipv4.tcp_window_scaling', value: '1' } +# - { option: 'net.ipv4.tcp_wmem', value: '4096 65536 16777216' } +# - { option: 'net.netfilter.nf_conntrack_max', value: '250000' } +# - { option: 'vm.dirty_background_ratio', value: '10' } +# - { option: 'vm.dirty_expire_centisecs', value: '3000' } +# - { option: 'vm.dirty_ratio', value: '40' } +# - { option: 'vm.dirty_writeback_centisecs', value: '500' } +# # - { option: 'vm.overcommit_memory', value: '2' } +# - { option: 'vm.panic_on_oom', value: '1' } +# - { option: 'vm.swappiness', value: '10' } +# loop_control: +# loop_var: 'supa_item' +# + # - name: tuned - Configure explicit HugePages for Postgresql + # become: true + # block: + # - name: tuned - Compute the necessary HugePages + # become: true + # community.general.ini_file: + # create: true + # group: 'root' + # mode: '0644' + # option: 'vm.nr_hugepages' + # path: '/etc/tuned/profiles/postgresql/tuned.conf' + # section: 'sysctl' + # state: 'present' + # value: "{{ ((shared_buffers * overhead) / hugepagesize) | round | int }}" + # vars: + # hugepagesize: 2048 # assumes a 2MB page + # shared_buffers: 131072 # we use 128MB (128 * 1024) of shared_buffers by default + # overhead: 1.05 + # + # - name: tuned - Add the postgres group to the HugePages access + # become: true + # community.general.ini_file: + # create: true + # group: 'root' + # mode: '0644' + # option: 'vm.hugetlb_shm_group' + # path: '/etc/tuned/profiles/postgresql/tuned.conf' + # section: 'sysctl' + # state: 'present' + # value: '1002' - name: tuned - Activate the tuned service ansible.builtin.systemd_service: From 33a09bfe084c68016e1d9c706e11462b80055ad2 Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Fri, 27 Mar 2026 13:31:06 -0400 Subject: [PATCH 07/10] debug: add explitic HP back --- ansible/tasks/setup-tuned.yml | 60 +++++++++++++++++------------------ ansible/vars.yml | 6 ++-- 2 files changed, 33 insertions(+), 33 deletions(-) diff --git a/ansible/tasks/setup-tuned.yml b/ansible/tasks/setup-tuned.yml index 3b05e9bc63..02b8b651d5 100644 --- a/ansible/tasks/setup-tuned.yml +++ b/ansible/tasks/setup-tuned.yml @@ -198,36 +198,36 @@ # loop_control: # loop_var: 'supa_item' # - # - name: tuned - Configure explicit HugePages for Postgresql - # become: true - # block: - # - name: tuned - Compute the necessary HugePages - # become: true - # community.general.ini_file: - # create: true - # group: 'root' - # mode: '0644' - # option: 'vm.nr_hugepages' - # path: '/etc/tuned/profiles/postgresql/tuned.conf' - # section: 'sysctl' - # state: 'present' - # value: "{{ ((shared_buffers * overhead) / hugepagesize) | round | int }}" - # vars: - # hugepagesize: 2048 # assumes a 2MB page - # shared_buffers: 131072 # we use 128MB (128 * 1024) of shared_buffers by default - # overhead: 1.05 - # - # - name: tuned - Add the postgres group to the HugePages access - # become: true - # community.general.ini_file: - # create: true - # group: 'root' - # mode: '0644' - # option: 'vm.hugetlb_shm_group' - # path: '/etc/tuned/profiles/postgresql/tuned.conf' - # section: 'sysctl' - # state: 'present' - # value: '1002' + - name: tuned - Configure explicit HugePages for Postgresql + become: true + block: + - name: tuned - Compute the necessary HugePages + become: true + community.general.ini_file: + create: true + group: 'root' + mode: '0644' + option: 'vm.nr_hugepages' + path: '/etc/tuned/profiles/postgresql/tuned.conf' + section: 'sysctl' + state: 'present' + value: "{{ ((shared_buffers * overhead) / hugepagesize) | round | int }}" + vars: + hugepagesize: 2048 # assumes a 2MB page + shared_buffers: 131072 # we use 128MB (128 * 1024) of shared_buffers by default + overhead: 1.05 + + - name: tuned - Add the postgres group to the HugePages access + become: true + community.general.ini_file: + create: true + group: 'root' + mode: '0644' + option: 'vm.hugetlb_shm_group' + path: '/etc/tuned/profiles/postgresql/tuned.conf' + section: 'sysctl' + state: 'present' + value: '1002' - name: tuned - Activate the tuned service ansible.builtin.systemd_service: diff --git a/ansible/vars.yml b/ansible/vars.yml index 34906e0285..ed5f82f61b 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -10,9 +10,9 @@ postgres_major: # Full version strings for each major version postgres_release: - postgresorioledb-17: "17.6.0.059-orioledb-tuned-1" - postgres17: "17.6.1.102-tuned-1" - postgres15: "15.14.1.102-tuned-1" + postgresorioledb-17: "17.6.0.059-orioledb-tuned-2" + postgres17: "17.6.1.102-tuned-2" + postgres15: "15.14.1.102-tuned-2" # Non Postgres Extensions pgbouncer_release: 1.25.1 From 0cfa7e1f9111feff03a7a19452a77bff354490d7 Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Thu, 2 Apr 2026 08:58:53 -0400 Subject: [PATCH 08/10] debug: disable HP again, start walking thru sysctl loop --- ansible/tasks/setup-tuned.yml | 92 +++++++++++++++++------------------ ansible/vars.yml | 6 +-- 2 files changed, 49 insertions(+), 49 deletions(-) diff --git a/ansible/tasks/setup-tuned.yml b/ansible/tasks/setup-tuned.yml index 02b8b651d5..a806821469 100644 --- a/ansible/tasks/setup-tuned.yml +++ b/ansible/tasks/setup-tuned.yml @@ -147,20 +147,20 @@ state: 'present' value: 'throughput-performance' -# - name: tuned - Add Supabase-specific tunings and overrides -# become: true -# community.general.ini_file: -# create: true -# group: 'root' -# mode: '0644' -# no_extra_spaces: true -# option: "{{ supa_item['option'] }}" -# path: '/etc/tuned/profiles/postgresql/tuned.conf' -# section: 'sysctl' -# state: 'present' -# value: "{{ supa_item['value'] }}" -# loop: -# - { option: 'fs.file-max', value: '312139770' } + - name: tuned - Add Supabase-specific tunings and overrides + become: true + community.general.ini_file: + create: true + group: 'root' + mode: '0644' + no_extra_spaces: true + option: "{{ supa_item['option'] }}" + path: '/etc/tuned/profiles/postgresql/tuned.conf' + section: 'sysctl' + state: 'present' + value: "{{ supa_item['value'] }}" + loop: + - { option: 'fs.file-max', value: '312139770' } # - { option: 'fs.aio-max-nr', value: '1048576' } # - { option: 'kernel.numa_balancing', value: '0' } # - { option: 'kernel.shmmax', value: '18446744073692700000' } @@ -195,39 +195,39 @@ # # - { option: 'vm.overcommit_memory', value: '2' } # - { option: 'vm.panic_on_oom', value: '1' } # - { option: 'vm.swappiness', value: '10' } -# loop_control: -# loop_var: 'supa_item' + loop_control: + loop_var: 'supa_item' # - - name: tuned - Configure explicit HugePages for Postgresql - become: true - block: - - name: tuned - Compute the necessary HugePages - become: true - community.general.ini_file: - create: true - group: 'root' - mode: '0644' - option: 'vm.nr_hugepages' - path: '/etc/tuned/profiles/postgresql/tuned.conf' - section: 'sysctl' - state: 'present' - value: "{{ ((shared_buffers * overhead) / hugepagesize) | round | int }}" - vars: - hugepagesize: 2048 # assumes a 2MB page - shared_buffers: 131072 # we use 128MB (128 * 1024) of shared_buffers by default - overhead: 1.05 - - - name: tuned - Add the postgres group to the HugePages access - become: true - community.general.ini_file: - create: true - group: 'root' - mode: '0644' - option: 'vm.hugetlb_shm_group' - path: '/etc/tuned/profiles/postgresql/tuned.conf' - section: 'sysctl' - state: 'present' - value: '1002' + # - name: tuned - Configure explicit HugePages for Postgresql + # become: true + # block: + # - name: tuned - Compute the necessary HugePages + # become: true + # community.general.ini_file: + # create: true + # group: 'root' + # mode: '0644' + # option: 'vm.nr_hugepages' + # path: '/etc/tuned/profiles/postgresql/tuned.conf' + # section: 'sysctl' + # state: 'present' + # value: "{{ ((shared_buffers * overhead) / hugepagesize) | round | int }}" + # vars: + # hugepagesize: 2048 # assumes a 2MB page + # shared_buffers: 131072 # we use 128MB (128 * 1024) of shared_buffers by default + # overhead: 1.05 + # + # - name: tuned - Add the postgres group to the HugePages access + # become: true + # community.general.ini_file: + # create: true + # group: 'root' + # mode: '0644' + # option: 'vm.hugetlb_shm_group' + # path: '/etc/tuned/profiles/postgresql/tuned.conf' + # section: 'sysctl' + # state: 'present' + # value: '1002' - name: tuned - Activate the tuned service ansible.builtin.systemd_service: diff --git a/ansible/vars.yml b/ansible/vars.yml index 2f45d802e5..f31bd53c2e 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -10,9 +10,9 @@ postgres_major: # Full version strings for each major version postgres_release: - postgresorioledb-17: "17.6.0.061-orioledb-tuned-2" - postgres17: "17.6.1.104-tuned-2" - postgres15: "15.14.1.104-tuned-2" + postgresorioledb-17: "17.6.0.061-orioledb-tuned-3" + postgres17: "17.6.1.104-tuned-3" + postgres15: "15.14.1.104-tuned-3" # Non Postgres Extensions pgbouncer_release: 1.25.1 From 1a42c76a9dd7e9a6696bd56e62c406eabd474803 Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Mon, 6 Apr 2026 10:23:14 -0400 Subject: [PATCH 09/10] Update vars.yml --- ansible/vars.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/vars.yml b/ansible/vars.yml index f31bd53c2e..88ee1f0676 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -10,9 +10,9 @@ postgres_major: # Full version strings for each major version postgres_release: - postgresorioledb-17: "17.6.0.061-orioledb-tuned-3" - postgres17: "17.6.1.104-tuned-3" - postgres15: "15.14.1.104-tuned-3" + postgresorioledb-17: "17.6.0.061-orioledb-tuned-4" + postgres17: "17.6.1.104-tuned-4" + postgres15: "15.14.1.104-tuned-4" # Non Postgres Extensions pgbouncer_release: 1.25.1 From 6186420bdc2b805454f0e16acd06a8021bde7c41 Mon Sep 17 00:00:00 2001 From: Douglas J Hunley Date: Tue, 7 Apr 2026 11:51:27 -0400 Subject: [PATCH 10/10] Update vars.yml --- ansible/vars.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/ansible/vars.yml b/ansible/vars.yml index 88ee1f0676..41521eda06 100644 --- a/ansible/vars.yml +++ b/ansible/vars.yml @@ -10,9 +10,9 @@ postgres_major: # Full version strings for each major version postgres_release: - postgresorioledb-17: "17.6.0.061-orioledb-tuned-4" - postgres17: "17.6.1.104-tuned-4" - postgres15: "15.14.1.104-tuned-4" + postgresorioledb-17: "17.6.0.061-orioledb-tuned-5" + postgres17: "17.6.1.104-tuned-5" + postgres15: "15.14.1.104-tuned-5" # Non Postgres Extensions pgbouncer_release: 1.25.1